Adobe warns of zero day vulnerability in Flash and Reader

[Peaches]

Adobe warns of zero day vulnerability in Flash and Reader

Adobe has reported that an unpatched vulnerability in its Adobe Flash Player can be exploited to inject and execute malicious code. The vulnerability has reportedly been used for targeted attacks in which victims, rather than being lured to a crafted webpage, were sent infected Excel files via email. These contained a crafted SWF file which ran in Flash Player when the Excel file was opened.

Version 10.x for Windows, Mac OS X, Linux and Android, and the embedded Flash plug-in for Chrome, are all reportedly affected. Versions 10.x and 9.x of Adobe Reader and Acrobat for Windows and Mac are also vulnerable, as they contain the same bug in their integrated authplay.dll Flash engine. In at least the Windows edition of version 10 (aka X) the bug cannot be exploited to compromise a system. The sandbox function prevents malicious code from accessing the operating system, blocking attackers from installing malware. Indeed no attacks on Adobe Reader have been observed.

More details - http://www.h-online.com/security/news/item/Adobe-warns-of-zero-day-vulnerability-in-Flash-and-Reader-1208184.html